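#!/bin/bash
#
# Configure iptables: accept new inbound TCP connections on the service ports
# listed below, accept multicast (VRRP advertisements), persist the ruleset to
# /etc/iptables.rules and install an if-pre-up hook that restores it at boot.
#
# Must be run as root. Re-running is safe: a rule is appended only when an
# identical one is not already present (iptables -C), so the INPUT chain does
# not accumulate duplicate rules on every run.
#
# NOTE(review): this script only adds ACCEPT rules. It does not set the INPUT
# chain policy, add a trailing DROP/REJECT, or accept ESTABLISHED,RELATED
# traffic; whether these rules restrict anything depends on the policy already
# configured on the host — confirm before relying on them. The etcd client and
# peer ports (2379/2380) are opened to every source; if etcd is reachable from
# untrusted networks, consider limiting those rules with -s <peer-cidr>.

set -euo pipefail

readonly RULES_FILE=/etc/iptables.rules
readonly RESTORE_HOOK=/etc/network/if-pre-up.d/up_iptables.sh

# Service ports that accept new inbound TCP connections.
# 80/443 HTTP(S); 514 (presumably syslog over TCP); 1080 (presumably SOCKS);
# 6443 (kube-apiserver default); 8080.
readonly -a SERVICE_PORTS=(80 443 514 1080 6443 8080)
# etcd client (2379) and peer (2380) ports.
readonly -a ETCD_PORTS=(2379 2380)

die() { printf '%s\n' "$*" >&2; exit 1; }

#######################################
# Append an INPUT rule unless an identical rule is already present.
# Arguments: the iptables match/target arguments, i.e. everything that would
#            follow "-A INPUT"
# Returns:   0 if the rule exists or was added; aborts (set -e) if iptables
#            fails to append it
#######################################
add_input_rule() {
  # -C exits non-zero when no matching rule exists; its diagnostic is not
  # useful here, so it is silenced.
  if ! iptables -C INPUT "$@" 2>/dev/null; then
    iptables -A INPUT "$@"
  fi
}

#######################################
# Accept new TCP connections on each given port.
# Arguments: one or more TCP port numbers
#######################################
allow_tcp_ports() {
  local port
  for port in "$@"; do
    add_input_rule -p tcp -m state --state NEW -m tcp --dport "$port" -j ACCEPT
  done
}

main() {
  (( EUID == 0 )) || die "must be run as root"
  command -v iptables >/dev/null || die "iptables not found in PATH"

  allow_tcp_ports "${SERVICE_PORTS[@]}"

  # VRRP advertisements are sent as multicast.
  add_input_rule -m pkttype --pkt-type multicast -j ACCEPT

  allow_tcp_ports "${ETCD_PORTS[@]}"

  # Persist the current ruleset.
  iptables-save > "$RULES_FILE"

  # Install the boot-time restore hook. RULES_FILE is expanded at write time,
  # so the hook carries the literal path.
  cat > "$RESTORE_HOOK" <<EOF
#!/bin/bash
iptables-restore < ${RULES_FILE}
EOF
  chmod a+x "$RESTORE_HOOK"
}

main "$@"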
